The author is a Forbes contributor. The opinions expressed are those of the writer.

Loading ...

Loading ...

This story appears in the {{article.article.magazine.pretty_date}} issue of {{article.article.magazine.pubName}}. Subscribe

Google

At midnight on Wednesday night, Google started working differently. If you pay attention to advertising, you may have seen some charming, pencil-figured ads entitled “Good to Know” about managing your privacy options. At midnight on March 1st, Google started linking your data across all of Google’s products. The theory is that this will make search results more personal. So if you write to your friend on gmail that you’re looking for a car and you visit the Car & Driver website from the Chrome browser then when you type “Jaguar” into Google search you’ll see the car, not the cat.

If it sounds helpful and unremarkable, that’s exactly the point of the advertising. The reality is somewhat different.

In fact, Google is making the boldest, brashest attack on Internet privacy since DoubleClick in 2000. In the process, Google is putting a bull’s-eye on its own brand, the same kind Microsoft wore in the nineties.

So what’s the big deal? After all, Google is not collecting any new information and it’s already doing some of what I described. The problem is a matter of scope. There's a very big difference between using data discretely where you find it (like using cookies on web browsers to target advertising based on browsing behavior) and combining data from different sources. You might be fine with hearing more about cars when you’re in the market for one but how about pregnancy, cancer or impotence - especially on a shared computer?

I mentioned DoubleClick in 2000 because Google’s actions today bear a lot of similarity to what DoubleClick was trying to accomplish back then. DoubleClick wanted to combine the cookie data it had on consumers with the mail-order catalog data that it acquired when it bought a company called Abacus Direct in 1999. Abacus is a co-op service that mail order businesses use to share data. Any particular cataloger might only have a few transactions recorded per household it has done business with and no data whatever on the majority of prospects. By combining data, the catalogers get seven or more transactions per household for virtually the entire U.S. – enough data to predict who will order from a new catalog that appears in the mailbox. DoubleClick’s vision was to combine these real-world identities with the Internet cookies the company used to track online browsing and shopping. Google will have an even broader scope of information when they combine their e-mail, web, social and search data streams.

Why is this bad for Google as a brand? There is a delicate balance of intimacy and anonymity that companies who market to consumers must maintain. In reality, there’s a value exchange implicit in all data collection. Consumers agree to let companies collect more data on them in return for better offers, a more personalized experience and less of what they perceive as spam or junk mail.

The linchpin of this theory is permission. When I arrived at DoubleClick in 2000, the first thing I learned was the difference between opt-in and opt-out. In the first case, you ask someone to explicitly agree to share personal data. In the second case, you take this agreement for granted but provide consumers with a way to decline to share. With Internet advertising, there is no problem measuring the difference between opt-in and opt-out: it's a country mile. Very few people opt-out of data sharing unless the check box is right on a page that they are already filling in and they can easily unclick it. Very few people will opt-in, unless there is an immediate benefit to doing so. So all in all, it’s not too surprising that Google has made the latest change to their privacy policy “opt-out.”